Wire fraud: How to protect yourself
The title insurance business has been, and continues to be, a target of increasing attempts at wire fraud. The most common method used by cyber thieves is “Phishing.”
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies or individuals. The intent is to trick or deceive individuals to reveal personal information, such as passwords and credit card numbers or re-route and steal funds, as is the case with wire fraud.
Often the emails appear to be coming from a legitimate business or recognized user (the real name of the sender/business is typically spoofed). Spoofing is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as someone known to the receiver. It is the targeted variation of phishing that is used in wire fraud attempts.
There are several reasons these attempts are so successful, primarily taking advantage of human nature and error.
By taking time to establish simple but important standards and actions, it goes a long way to avoid becoming a victim of wire fraud. Consider the following tips:
- Personalize. The more personal the verification, the better. Have the seller sign wiring instructions. If the seller cannot attend the closing, obtain the seller’s wiring instructions in addition to the lender’s closing instructions. The seller should sign the wiring instructions, and the signature should be notarized, if possible. Any change to the original instruction should be verified, using a personal ID code and the change should made via combination of phone and email verification. An email verification alone is inadequate.
- Buy and maintain cyber insurance. Hackers target emails with wiring instructions and then divert funds with a modified email with updated directions for wiring money into their personal account. This type of scam is not covered by E&O insurance, so it is important to protect your business and customers with cyber theft and cyber liability insurance coverage.
- Don’t use free email accounts. These have security issues and flaws and are mined for data by the providers. Only use secure and professional email services.
- Don’t send wires overseas. Maintain an international transfer block on your accounts which will require an exception override should a legitimate transfer be necessary. Be cautious of sending money overseas. Contact Underwriting to discuss the best way to deliver funds to an overseas party. In the event funds are fraudulently diverted outside the U.S., immediately contact your bank and local FBI office. The FBI maintains a “kill chain” and it is possible if alerted early enough, they may be able to stop the transfer or recover some of the funds.
- Verify instructions and be suspicious of wiring instructions sent via free email service. If you receive instructions via an email service like Yahoo or Gmail, be cautious. The instructions may be fictitious. Do not respond via email. The hacker may have access to the original account. Use the phone or a personal pin process to confirm the validity of the instructions.
- Be alert to unusual activity. Monitor and be wary of any funds going to an account not in the name of the seller or to a location different from that of the seller. Any sign of these activities must be thoroughly investigated – and not via email, use the phone for direct contact.
- Strictly enforce regular password change. Do this on a regular basis and use a unique, robust password to make it as difficult as possible for someone to acquire or compromise your password.
- Standard email closing. Consider adding the following or similar text in your signature line to emphasize the protection of information and create awareness:
We will never request that you send funds or nonpublic personal information, such as social security numbers, credit card or debit card numbers, or bank account and/or routing numbers by email. If you receive an email message concerning any transaction involving [Name of company] and the email requests that you send funds or provide nonpublic personal information, do not respond to the email and immediately contact [Name of company] by phone. Please reach out to me at the phone number above if you have any questions about the content of this email.
Tags: cybersecurity, wire fraud